From 9f365e5fa2add4c097a9a5ef747036ba7dd4d12e Mon Sep 17 00:00:00 2001
From: Vinicius Cestari <165042@havan.com.br>
Date: Fri, 23 May 2025 09:44:02 -0300
Subject: [PATCH] feat: allow author of page with write:pages permission to delete the page they created

---
 client/themes/default/components/page.vue | 5 ++++-
 server/graph/schemas/page.graphql | 2 +-
 server/models/pages.js | 11 +++++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/client/themes/default/components/page.vue b/client/themes/default/components/page.vue
index 0d1f6473..9d4495f7 100644
--- a/client/themes/default/components/page.vue
+++ b/client/themes/default/components/page.vue
@@ -559,11 +559,14 @@ export default {
 tocDecoded () {
 return JSON.parse(Buffer.from(this.toc, 'base64').toString())
 },
+ currentUserId: get('user/id'),
 tocPosition: get('site/tocPosition'),
 hasAdminPermission: get('page/effectivePermissions@system.manage'),
 hasWritePagesPermission: get('page/effectivePermissions@pages.write'),
 hasManagePagesPermission: get('page/effectivePermissions@pages.manage'),
- hasDeletePagesPermission: get('page/effectivePermissions@pages.delete'),
+ hasDeletePagesPermission() {
+ return get('page/effectivePermissions@pages.delete').call(this) || (this.authorId === this.currentUserId && this.hasWritePagesPermission)
+ },
 hasReadSourcePermission: get('page/effectivePermissions@source.read'),
 hasReadHistoryPermission: get('page/effectivePermissions@history.read'),
 hasAnyPagePermissions () {
diff --git a/server/graph/schemas/page.graphql b/server/graph/schemas/page.graphql
index 552ad325..2ebddae4 100644
--- a/server/graph/schemas/page.graphql
+++ b/server/graph/schemas/page.graphql
@@ -130,7 +130,7 @@ type PageMutation {
 delete(
 id: Int!
- ): DefaultResponse @auth(requires: ["delete:pages", "manage:system"])
+ ): DefaultResponse @auth(requires: ["delete:pages", "write:pages", "manage:system"])
 deleteTag(
 id: Int!
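Review bot: The ownership test `this.authorId === this.currentUserId` in `hasDeletePagesPermission` keys on `authorId`, and the same comparison (`page.authorId === opts.user.id`) is the one the server/models/pages.js hunk actually enforces. If `authorId` records the most recent editor rather than the original creator (not visible in this diff, so confirm against the model), any user with write:pages satisfies the check after saving an edit, which would make write:pages equivalent to delete:pages on every page they can edit. If the model keeps a separate creator field (`creatorId`, if it has one), both the client and the server comparison should use that field, to match the commit title's "the page they created". Separately, `get('page/effectivePermissions@pages.delete').call(this)` builds a new getter on each evaluation; a named computed entry for the raw permission, referenced from this method, would read more clearly. The enclosing object starts and ends outside the hunk.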
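Review bot: Adding "write:pages" to `@auth(requires: [...])` on `delete` means the directive no longer separates writers from deleters. Assuming the list is any-of (the previous pair of delete:pages and manage:system suggests so), every write:pages holder now reaches the resolver. The authorship check in server/models/pages.js then becomes the only control, so any other caller of the delete path has to go through that check as well. A schema comment above the field would keep this visible: `# write:pages only admits the page's author; enforced in server/models/pages.js`. The `PageMutation` type starts and ends outside the hunk.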
diff --git a/server/models/pages.js b/server/models/pages.js
index bb5b6585..173552d4 100644
--- a/server/models/pages.js
+++ b/server/models/pages.js
@@ -795,10 +795,17 @@ module.exports = class Page extends Model {
 }
 // -> Check for page access
- if (!WIKI.auth.checkAccess(opts.user, ['delete:pages'], {
+ const isTheAuthorAndHasWritePermission = page.authorId === opts.user.id && WIKI.auth.checkAccess(opts.user, ['write:pages'], {
 locale: page.locale,
 path: page.path
- })) {
+ })
+
+ const hasDeletePermission = WIKI.auth.checkAccess(opts.user, ['delete:pages'], {
+ locale: page.locale,
+ path: page.path
+ })
+
+ if (!isTheAuthorAndHasWritePermission && !hasDeletePermission) {
 throw new WIKI.Error.PageDeleteForbidden()
 }
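Review bot: The author branch is evaluated independently of the `delete:pages` result, so a rule that withholds or explicitly denies delete:pages for a path no longer stops an author who holds write:pages there. How `WIKI.auth.checkAccess` treats deny rules is not visible in this hunk, so this needs confirming against its implementation. If the trade-off is intended, state it where the check lives, e.g. `// Authors with write:pages may delete their own page even without delete:pages`. It would also help to record which of the two branches authorised a deletion, so that author-initiated deletes can be told apart in an audit. The enclosing method starts and ends outside the hunk.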